In recent years, laws and regulations have imposed a number of new requirements governing the responsible management of personal and private data. For example, the United States Health Insurance Portability and Accountability Act (HIPAA) stipulates that individuals have the right to request an accounting of the disclosures of their protected health information by hospitals and other healthcare providers (so-called “covered entities”).
Most modern electronic health records systems (EHRs) provide the tools necessary to collect access logs automatically. For example, the University of Michigan Health System has built and deployed a web-based clinical EHR called CareWeb. To support compliance with HIPAA, each time an employee accesses a medical record via CareWeb, a record is added to the access log. While the precise format can vary among EHR systems, it is typically quite simple. CareWeb access logs contain four main attributes: Timestamp, User_ID, Patient_ID, and a coded description of the Action performed (e.g., viewed lab reports, or updated history).
One promising approach for supporting HIPAA compliance, and improving overall transparency, is the idea of user-centric auditing. The idea is to construct a portal where individual patients can log in and view a record of all accesses to their medical records. When the underlying access logs are of the form described above, this is relatively straightforward. Unfortunately, the resulting access histories are often long and hard to analyze. Worse, the list of accesses often includes accesses by many people the patient does not know. For example, the patient probably knows the name of his primary care physician, but he is not likely to recognize the name of the intake nurse or the radiologist who read his x-ray.
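As an added illustration (not code from the paper, CareWeb, or any EHR vendor), the following Python builds the patient-facing access history from a constructed log in the four-attribute format described above, and then collapses the long per-access list into one row per accessing user. The user and patient identifiers, timestamps and action codes are made up for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample access log in the four-attribute CareWeb-style format
# (Timestamp, User_ID, Patient_ID, Action). Illustrative rows, not real data.
SAMPLE_LOG = """\
2012-03-01T08:15:00,u_pcp,p_1001,viewed_lab_reports
2012-03-01T08:20:00,u_pcp,p_1001,updated_history
2012-03-01T09:02:00,u_nurse7,p_1001,viewed_vitals
2012-03-01T11:40:00,u_rad22,p_1001,viewed_imaging
2012-03-02T07:55:00,u_nurse7,p_1001,viewed_vitals
2012-03-02T10:00:00,u_pcp,p_2002,viewed_lab_reports
"""

@dataclass(frozen=True)
class AccessRecord:
    timestamp: str   # ISO-8601, so lexical order equals chronological order
    user_id: str
    patient_id: str
    action: str

def parse_log(text):
    """Parse comma-separated log lines into AccessRecord objects, skipping blank lines."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, patient, action = line.split(",", 3)
        records.append(AccessRecord(ts, user, patient, action))
    return records

def accesses_for_patient(records, patient_id):
    """Raw accounting of disclosures: every record touching one patient, in time order."""
    return sorted((r for r in records if r.patient_id == patient_id),
                  key=lambda r: r.timestamp)

def summarize_by_user(records, patient_id):
    """Collapse the per-patient history into one entry per accessing user:
    access count, distinct actions, and first/last access time."""
    summary = {}
    for r in accesses_for_patient(records, patient_id):
        entry = summary.setdefault(
            r.user_id, {"count": 0, "actions": set(), "first": r.timestamp, "last": r.timestamp})
        entry["count"] += 1
        entry["actions"].add(r.action)
        entry["last"] = r.timestamp  # records arrive sorted, so this ends as the latest
    return summary

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for user, info in summarize_by_user(recs, "p_1001").items():
        print(user, info["count"], sorted(info["actions"]), info["first"], info["last"])
```

Even this small log yields three distinct users for one patient, only one of whom (the primary care physician) the patient would be likely to recognize, which is the usability problem the paragraph above describes.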